Report Owner Match Capability

git-svn-id: https://shorewall.svn.sourceforge.net/svnroot/shorewall/trunk@2043 fbd18981-670d-0410-9b5c-8dc0c1a9a2bb
teastep 2005-04-11 18:15:09 +00:00
parent 82ccc620ae
commit 41fcd3cb71
4 changed files with 11 additions and 0 deletions


@ -6,6 +6,8 @@ Changes in 2.2.4
3) Make an error message more self-explanatory 3) Make an error message more self-explanatory
4) Report Owner Match capability
Changes in 2.2.3 Changes in 2.2.3
1) Added the 'continue' extension script. 1) Added the 'continue' extension script.


@ -5651,6 +5651,7 @@ determine_capabilities() {
PHYSDEV_MATCH= PHYSDEV_MATCH=
IPRANGE_MATCH= IPRANGE_MATCH=
RECENT_MATCH= RECENT_MATCH=
OWNER_MATCH=
qt $IPTABLES -N fooX1234 qt $IPTABLES -N fooX1234
qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes qt $IPTABLES -A fooX1234 -m conntrack --ctorigdst 192.168.1.1 -j ACCEPT && CONNTRACK_MATCH=Yes
@ -5660,6 +5661,7 @@ determine_capabilities() {
qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth0 -j ACCEPT && PHYSDEV_MATCH=Yes qt $IPTABLES -A fooX1234 -m physdev --physdev-in eth0 -j ACCEPT && PHYSDEV_MATCH=Yes
qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT && IPRANGE_MATCH=Yes qt $IPTABLES -A fooX1234 -m iprange --src-range 192.168.1.5-192.168.1.124 -j ACCEPT && IPRANGE_MATCH=Yes
qt $IPTABLES -A fooX1234 -m recent --update -j ACCEPT && RECENT_MATCH=Yes qt $IPTABLES -A fooX1234 -m recent --update -j ACCEPT && RECENT_MATCH=Yes
qt $IPTABLES -A fooX1234 -m owner --cmd-owner foo -j ACCEPT && OWNER_MATCH=Yes
if [ -n "$PKTTYPE" ]; then if [ -n "$PKTTYPE" ]; then
qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT || PKTTYPE= qt $IPTABLES -A fooX1234 -m pkttype --pkt-type broadcast -j ACCEPT || PKTTYPE=
@ -5690,6 +5692,7 @@ report_capabilities() {
report_capability "Physdev Match" $PHYSDEV_MATCH report_capability "Physdev Match" $PHYSDEV_MATCH
report_capability "IP range Match" $IPRANGE_MATCH report_capability "IP range Match" $IPRANGE_MATCH
report_capability "Recent Match" $RECENT_MATCH report_capability "Recent Match" $RECENT_MATCH
report_capability "Owner Match" $OWNER_MATCH
} }
# #
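Review bot: The probe added to determine_capabilities() sets OWNER_MATCH from `-m owner --cmd-owner foo`, which is narrower than the "Owner Match" line that report_capabilities() prints: where the owner match is present but its command-name option is not, the report will say the whole match is unavailable. A comment above the probe would make that explicit, e.g. `# Probes --cmd-owner specifically; OWNER_MATCH stays empty when only uid/gid owner matching works`. Within these hunks OWNER_MATCH is only reported, never checked before a rule is generated, so a configuration that depends on it presumably still fails when iptables rejects the rule rather than at check time; if that is so, a guard in the rule-generating code would be worth adding. Both functions begin and end outside the hunks shown.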


@ -61,6 +61,10 @@ New Features in version 2.2.4
allowoutUPnP fw loc allowoutUPnP fw loc
Note: To use 'allowoutUPnP', your iptables and kernel must
support the 'owner match' feature (see the output of
"shorewall check").
If your loc->fw policy is not ACCEPT then you need this If your loc->fw policy is not ACCEPT then you need this
rule: rule:


@ -139,6 +139,8 @@ fi
%doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn %doc COPYING INSTALL changelog.txt releasenotes.txt tunnel ipsecvpn
%changelog %changelog
* Fri Apr 08 2005 Tom Eastep tom@shorewall.net
- Added /etc/shorewall/started
* Tue Apr 05 2005 Tom Eastep tom@shorewall.net * Tue Apr 05 2005 Tom Eastep tom@shorewall.net
- Updated to 2.2.3-1 - Updated to 2.2.3-1
* Mon Mar 07 2005 Tom Eastep tom@shorewall.net * Mon Mar 07 2005 Tom Eastep tom@shorewall.net